Just how big was The Big Delete?

How are your General Data Protection Regulation comms going? In April the Royal College of Nursing organised an organisational wide Big Delete in preparation for GDPR.

I’m thrilled to welcome Matthew Batten, Organisational Development Adviser at the Royal College of Nursing (RCN) back to the All Things IC blog to share how it went on 12 April 2018 and what’s changed since The Big Delete.

Jargon buster: GDPR is the General Data Protection Regulation, a piece of EU legislation that will supersede the Data Protection Act. On 25 May 2018, most processing of personal data by organisations will have to comply with the regulation.

GDPR aims to give people the power to say how their personal information is used, it also aims to keep data safer.

That’s quite an achievement considering this was the first time we ever attempted an all-user data cleanse.

To be honest, as a member organisation, we are very good at data protection and we have systems in place to ensure confidential data is stored securely and in the most appropriate place. But like many organisations, we have accumulated a lot of digital ‘stuff’ over the years.

Preparing for the GDPR was the perfect opportunity to change habits.

It was actually quite fun

Save it somewhere appropriate or delete it. Just don’t horde it. That was the message our senior management team took to their teams. And it was a message that worked well.

All that information that was once clogging up our IT systems has either been deleted or stored in a more appropriate place.

Getting involved

Lots of teams threw themselves into The Big Delete and made it a team effort. Our HR team rewarded their data cleansing efforts with a Really Big Del-eat buffet (nice play on words), the Nursing Department held a cake and delete session, East Midlands regional office held a team paper shredding event and the Legal team took a Doctor Who deep dive and baked a Cyberman cake – pictured below.

GDPR could have been a dry subject but in true RCN style we found the fun!

Changing the way we handle data

The Big Delete is also changing the way we work. We’re hearing many examples from teams who have been discussing their approach to data protection and making changes to safeguard the data we handle.

For example, we now have an organisation wide retention schedule that outlines what we need to keep and for how long, some team have disabled automatic suggestion of email addresses in Outlook to avoid sending emails to the wrong people and most importantly our shared drive is so much simpler to navigate now that we’ve cleaned up all the stale data.

Just when you thought it was safe to go back to your H drive…

GDPR could have been a very dry and dull subject to communicate but we’ve had a lot of fun thanks to The Big Delete. In fact, it was so successful that we’re doing it all over again with The Big Delete 2. This time we’re running a competition to find the best slogan based on a movie sequel.

So far we’ve had:

I Know What You Deleted Last Summer

The Big Delete 2: Electric Boogaloo

The ex-Files

Big Delete 2 ½: The Smell of Clear.

We also produced some additional guidance for our people – using simple animation and mobile phone videos. While I was given a budget I haven’t actually used it (except for the competition prize of cinema vouchers). There’s plenty of free tools out there. I’m a big fan of Canva and KineMaster because you can quickly create an image or video and get that out to your people instantaneously.

Make the dull sound fun

The Big Delete was all about very simple messaging to nudge behaviour. We wanted everyone to feel excited about GDPR and so all our communications had to feel fresh and lively with very clear messaging. Ultimately, we found the fun and that generate all the interest we needed.

I just found out that The Big Delete will now become an annual event. I’m already looking forward to adding it to our internal comms calendar!

Post author: Matt Batten.

Thank you Matt. Are you working on GDPR comms? I’ve published various articles on my blog to help you learn. See below for a round-up. I also recommend reading this article by Benjamin Ellis to understand Privacy and Electronic Communications Regulations (PECR).

Find out more about GDPR

If you’re looking for GDPR resources to help you, here’s what I’ve published to date:

Where to get legal advice: free GDPR checklist

I am not a legal expert, however, I recommend contacting Suzanne Dibble, who is. I’ve bought the resources mentioned below to help me create my privacy policies, and recommend them.

There’s two options: a free checklist and a paid-for compliance pack.

Suzanne is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR.

The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations. Suzanne worked with Richard Branson at Virgin where she managed a group wide data protection project which resulted in Virgin nominating Suzanne for the Solicitor of the Year Award and subsequently Suzanne was runner up in this prestigious award.

She has published a free GDPR Checklist which guides you through what you need to know.

Where to get legal advice: purchase a GDPR compliance pack

Suzanne has also created a GDPR Compliance Pack, which costs £197. She says: “My pack contains 20 legal document templates and checklists that you will need post GDPR, regardless of the size of your business.”